Assessing threats


Information security professionals tackle a wide variety of risks in their roles. These vary from earthquakes and tornadoes to hackers and viruses. In this video, Mike Chapple describes the language of threat assessments: risks, threats and vulnerabilities, and describes how an organization can conduct a cybersecurity threat assessment.

- [Narrator] Information security professionals tackle a wide variety of risks in their roles. These vary from earthquakes and tornadoes, to hackers and viruses. The sheer quantity of forces aligned against you may sometimes be a little overwhelming. Fortunately, we have risk assessment tools at our disposal that can help us prioritize our response. First, we need a common language. In everyday life, people often use the terms threat, vulnerability, and risk interchangeably.

They are actually three different concepts. A threat is some external force that jeopardizes the security of your information and systems. Threats might be naturally occurring, such as hurricanes and wildfires, or manmade, such as hacking and terrorism. You can't normally control what threats are out there. They exist independently. Vulnerabilities are weaknesses in your security controls that a threat might exploit to undermine the confidentiality, integrity, or availability of your information or systems.

These might include missing patches, promiscuous firewall…



Released: 10/29/2018

Prepare to pass the Certified Information Security Manager (CISM) exam. In this course, Mike Chapple dives into the topic of information security risk management practices, helping you bolster your ability to identify, assess, and mitigate risks as you prepare for the Information Risk Management exam domain. Mike goes over the key steps of the risk assessment process, the possible risk management options, and frameworks and tools that can help you keep your organization safe. He also includes comprehensive coverage of the many cybersecurity threats facing modern organizations, including viruses, adware, and advanced persistent threats (APTs). Learn about business continuity, disaster recovery, legal and regulatory compliance, and more.